February 12, 2015 at 7:41 am
I have a generic question. I need to define the scope for a SQL Server database 2008 audit. There could be several parameters which can be part of the scope. But I have been asked to identify the most generic parameters to form the scope which can be part of both financial and healthcare database systems.
We are a healthcare and financial unit.
What could be the scope from a database perspective to be in compliance with PCI, HIPAA, SOX, FISMA/NIST800-53, COBIT, ISO27001?
Thanks
February 12, 2015 at 8:25 am
sqlserver12345 (2/12/2015)
I have a generic question. I need to define the scope for a SQL Server database 2008 audit. There could be several parameters which can be part of the scope. But I have been asked to identify the most generic parameters to form the scope which can be part of both financial and healthcare database systems. We are a healthcare and financial unit.
What could be the scope from a database perspective to be in compliance with PCI, HIPAA, SOX, FISMA/NIST800-53, COBIT, ISO27001?
Thanks
The scope is in all those documents and more. This isn't a trivial thing that can be generalized. You'll need to meet the letter of the law for each of those documents to survive a real audit.
--Jeff Moden
Change is inevitable... Change for the better is not.